Mercurial > hg > icedtea7

view test/standalone/TestEllipticCurveCryptoSupport.java @ 2879:2fbb359cc3c7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
PR3115: Add check for elliptic curve cryptography implementation. 2015-05-20 Andrew John Hughes <gnu_andrew@member.fsf.org> PR3115: Add check for elliptic curve cryptography implementation. * TestCryptoLevel.java: Moved to test/standalone. * rewriter/agpl-3.0.txt: Moved to root directory. * test/RH1195203.java: Likewise. * Makefile.am: (ECC_CHECK_BUILD_DIR): Added. (CRYPTO_CHECK_SRCS): Update TestCryptoLevel.java path. (ECC_CHECK_SRCS): Added. (MIME_TYPE_CHECK_SRCS): Update path. (EXTRA_DIST): Add ECC_CHECK_SRCS. (check-local): Add check-ecc. (clean-tests): Add clean-check-ecc. (clean-local): Add clean-ecccheck. (ecccheck): Build ECC check test. (clean-ecccheck): Cleanup ECC check test. (check-ecc): Run ECC check test. (clean-check-ecc): Cleanup run of ECC check test. * NEWS: Updated. * agpl-3.0.txt: Moved from rewriter as also applies to tests. * test/standalone/RH1195203.java: Moved from test. * test/standalone/TestCryptoLevel.java: Moved from root directory. * test/standalone/TestEllipticCurveCryptoSupport.java: Add check for elliptic curve cryptography support.
author Andrew John Hughes <gnu_andrew@member.fsf.org>
date Thu, 28 Jul 2016 03:46:39 +0100
parents
children
line wrap: on
line source

/* TestEllipticCurveCryptoSupport -- Check if ECC is available.
   Copyright (C) 2015 Red Hat, Inc.

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

import java.lang.reflect.Field;

import java.security.AlgorithmParameters;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;

import javax.crypto.KeyAgreement;

/**
 * Check whether Elliptic Curve Crypto is available.
 *
 * Based on http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunEC
 */
public class TestEllipticCurveCryptoSupport {

  private static final String PKCS11_NAME = "SunPKCS11-NSS";
  private static final String EC_NAME = "SunEC";
  
  public static void main(String[] args) throws Exception {
    boolean possibleProblems = false;
    boolean available = false;
    boolean pkcs11 = false;
    
    if (args.length < 1) {
      System.err.println("TestEllipticCurveCryptoSupport <available=yes|no>");
      System.exit(-1);
    }

    System.err.print("ECC should be available: ");
    if ("yes".equals(args[0])) {
      available = true;
      System.err.println(args[0]);
    } else {
      available = false;
      System.err.println("no");
    }

    // Provider
    Provider provider = Security.getProvider(EC_NAME);
    if (provider == null) {
      System.out.println("No SunEC provider");
    } else {
      System.out.println("SunEC provider is present");
      possibleProblems = true;
    }

    provider = Security.getProvider(PKCS11_NAME);
    if (provider != null)
      {
	pkcs11 = true;
	System.err.println("PKCS11 provider is present; adjusting tests accordingly.");
      }
    else
      System.err.println("PKCS11 provider is present.");
    
    // AlgorithmParameters
    try {
      AlgorithmParameters params = AlgorithmParameters.getInstance("EC");
      System.out.print("EC AlgorithmParameter is present; ");
      if (params.getProvider().getName().equals(PKCS11_NAME))
	{
	  System.out.println("provided by PKCS11");
	}
      else
	{
	  System.out.println("provided by EC provider");
	  possibleProblems = true;
	}
    } catch (NoSuchAlgorithmException e) {
      System.out.println("No EC AlgorithmParameters");
    }
    
    // KeyAgreement
    try {
      KeyAgreement agreement = KeyAgreement.getInstance("ECDH");
      System.out.print("ECDH KeyAgreement is present; ");
      if (agreement.getProvider().getName().equals(PKCS11_NAME))
	{
	  System.out.println("provided by PKCS11");
	}
      else
	{
	  System.out.println("provided by EC provider");
	  possibleProblems = true;
	}
    } catch (NoSuchAlgorithmException e) {
      System.out.println("No ECDH KeyAgreement");
    }
    
    // KeyFactory
    try {
      KeyFactory factory = KeyFactory.getInstance("EC");
      System.out.print("EC KeyFactory is present; ");
      if (factory.getProvider().getName().equals(PKCS11_NAME))
	{
	  System.out.println("provided by PKCS11");
	}
      else
	{
	  System.out.println("provided by EC provider");
	  possibleProblems = true;
	}
    } catch (NoSuchAlgorithmException e) {
      System.out.println("No EC KeyFactory");
    }
    
    // KeyPairGenerator
    try {
      KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
      System.out.print("EC KeyPairGenerator is present; ");
      if (gen.getProvider().getName().equals(PKCS11_NAME))
	{
	  System.out.println("provided by PKCS11");
	}
      else
	{
	  System.out.println("provided by EC provider");
	  possibleProblems = true;
	}
    } catch (NoSuchAlgorithmException e) {
      System.out.println("No EC KeyFactory");
    }
    
    // Signature
    try {
      Signature sig = Signature.getInstance("NONEwithECDSA");
      System.out.print("EC Signatures are present; ");
      if (sig.getProvider().getName().equals(PKCS11_NAME))
	{
	  System.out.println("provided by PKCS11");
	}
      else
	{
	  System.out.println("provided by EC provider");
	  possibleProblems = true;
	}
    } catch (NoSuchAlgorithmException e) {
      System.out.println("OK: No EC Signatures are present");
    }

    // Full implementation
    try
      {
	Class<?> sunECProvider = Class.forName("sun.security.ec.SunEC");
	System.err.println("sunECProvider class: " + sunECProvider);
	Field f = sunECProvider.getDeclaredField("useFullImplementation");
	f.setAccessible(true);
	boolean implemented = f.getBoolean(null);
	System.err.println("useFullImplementation = " + implemented);
	possibleProblems = implemented;
      }
    catch (ClassNotFoundException e) {
      System.out.println("SunEC provider class not found.");
    }
    catch (NoSuchFieldException e) {
      System.out.println("useFullImplementation field not found in SunEC");
    }
    catch (IllegalAccessException e) {
      System.out.println("Could not access useFullImplementation field");
    }

    System.err.println("SunEC provider available: " + possibleProblems);
    if (available)
      System.exit(possibleProblems ? 0 : 1);
    else
      System.exit(possibleProblems ? 1 : 0);
    
  }    
}